Getting Data In

Discussions

Thread Info

Does not eat all Zip file?

Hi~ I'd like to monitor the local files generated by kiwi log server, and every 12 month it would be compressed as a ...

by Contributor in

Real source IP of event

Hi, We uncovered a problem with two forwarders using the same host-value. At first, we were baffled by the fact th...

by Builder in

Multiple lines are getting stuck together at indexing

I am indexing a file of single line log events and some lines are getting chunked together into one event. Trying to ...

by Explorer in

breaking down segments of events

hi... I need to break down my event logs. I'm getting confused in configuring transform.conf, props.conf, etc... ...

by Communicator in

using splunk for debug or trace logs

I have a complex system which sometimes needs to be debugged or troubleshooted by using verbose trace logs. the chall...

by Explorer in

WARN DateParserVerbose in splunkd.log - How do i find out which host?

I am seeing DateParserVerbose messages that say the matched timestamp is not cool, but the matched timestamp appears ...

by Communicator in

Encoding for forwarded data

I have files in CP866 encoding. For indexing them in Splunk i made russian-CP866.ngram file and changed props.conf th...

by Contributor in

How to replace meta information?

Hi, I have a small lab where there is a heavy forwarder. I can/want to perform transformation on Meta info at Heav...

by Explorer in

Monitor a FTP server?

FTP download is the only way this particular system is allowing us to access its logs. Files are dumped into the FTP ...

by Motivator in

inputs.conf error

I'm getting following error while starting splunkforwarder after updating inputs.conf under splunkforwarder. These ar...

by New Member in

inputs.conf error in SplunkForwarder

I have updated the inputs.conf under /opt/splunkforwarder/etc/system/local, but after restarting splunk I'm getting t...

by New Member in

Monitor cisco router interfaces

I'm looking for a way to monitor several router and several interfaces (physical, tunnel...). I need to extract statu...

by Path Finder in

Events from second-tier Windows Universal Forwarders not appearing in Splunk

We are failing to get events indexed with the following topology: Splunk 4.2 receiving compressed events over the int...

by Path Finder in

Hot Bucket Data on Splunk Crash

If Splunk Crashes will I lose everything that was being indexed in the Hot Bucket?.....is it safe to configure Splunk...

by Builder in

Can you blacklist a host?

Here's the situation I'm trying to muddle through: We have a production server that inputs.conf is monitoring, all...

by Explorer in

Command Usage with Examples..

Hi, Today I've read the page(docs) all about "splunk" , and listened to few of videos and it's great , impressed ,...

by New Member in

new monitor stanza not indexed

Hello, On my Windows box, I've added a new monitor stanza in my local inputs.conf file. The config is: [monitor...

by Explorer in

Problem reading syslog events

My firewall is using syslog-ng to send logs to my log server over TCP on port 514. In Splunk>>Manager>>Data inputs>>T...

by Path Finder in

Data Collection from Printers

Can Splunk be used to collect data from printers (and other network devices like routers, switches). Sorry if this...

by Path Finder in

Does Universal Forwarder Solaris v8 app work on Ultra-60?

Downloaded and installed the Solaris 8 packagewith: % pkgadd -d splunkforwarder-4.2.3-105575-solaris-8-sparc.pkg ...

by Engager in

Getting Data In

Discussions

Does not eat all Zip file?

Real source IP of event

Multiple lines are getting stuck together at indexing

breaking down segments of events

using splunk for debug or trace logs

WARN DateParserVerbose in splunkd.log - How do i find out which host?

Encoding for forwarded data

How to replace meta information?

Monitor a FTP server?

inputs.conf error

inputs.conf error in SplunkForwarder

Monitor cisco router interfaces

Events from second-tier Windows Universal Forwarders not appearing in Splunk

Hot Bucket Data on Splunk Crash

Can you blacklist a host?

Command Usage with Examples..

new monitor stanza not indexed

Problem reading syslog events

Data Collection from Printers

Does Universal Forwarder Solaris v8 app work on Ultra-60?

Getting Data from OpenVMS into Splunk Cloud

when to use http event collector api to create ven...

Splunk cloud and Microsoft Infrastructure

How to match join on certain conditions within the...

Prevent duplicates from generic S3 input